Blockchain researcher ZachXBT has revealed a widespread, ongoing attack that has drained hundreds of cryptocurrency wallets across various EVM-compatible networks. While each affected user has suffered relatively small losses, the cumulative amount stolen is over $107,000 and is likely higher. The specific security vulnerability that has been exploited remains uncertain.
A Silent Onslaught on EVM Blockchains
According to information shared by ZachXBT on Telegram, the attacker is targeting numerous wallets within different EVM-based networks. Instead of withdrawing large sums, the method predominantly revolves around extracting amounts below $2,000 from each wallet. This strategy makes early detection challenging while allowing the total loss to escalate quickly.
Blockchain data indicates that the attack isn’t confined to a single network. The manifestation of similar transfer patterns across multiple networks suggests a common security flaw or a user-end vulnerability. However, the precise point of entry remains unidentified, leaving the method of propagation through applications, contracts, or infrastructure unknown.
Additionally, the researcher has shared a suspicious wallet address with the public. The address 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB is believed to be linked to the attack. There is currently no concrete information regarding the perpetrator’s identity or an organizational structure behind the attack.
Heightened Security Concerns
This incident comes on the heels of a series of significant security breaches observed in the cryptocurrency ecosystem throughout December 2025. Blockchain security firm PeckShield reported approximately 26 large-scale attacks during December, with total losses reaching $76 million. Although this marks a 60% decrease from the $194.27 million lost in November, the risks persist.
One of last month’s most notable events involved a hack originating from Trust Wallet. A flaw discovered in a specific version of the browser extension during the Christmas holiday resulted in a loss of around $7 million. The company has announced the initiation of a compensation process for users affected by the issue.
Trust Wallet CEO Eowyn Chen reported that a technical problem led to temporarily disabling the extension on the Chrome Web Store. With the new update, verification codes can now be transmitted directly through the extension.
